Why? The security researcher is protesting Apple’s Mac bug bounty policies ( via ).Īpple rewards independent security researchers ( and others) with monetary bounties for finding exploits and vulnerabilities for its iOS platform. That’s because Henze has not shared the details of the exploit with Apple. But that may not be the case in this scenario. Normally, at this point, we’d say that Apple has been alerted to the details of the vulnerability and is working on a fix. But it’s still a significant vulnerability for Mac users. If there’s a bright side to KeySteal, it’s the fact that the exploit can’t be used to access passwords stored in iCloud Keychain.